Security Links
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server that makes remote code execution possible. Please note this was only partially patched in 3.19.3, a fully sufficient patch was not released until 3.19.4. However, another CVE was assigned by another CNA for version 3.19.3 so we will leave this as affecting 3.19.2 and before. We have recommended the vendor use JSON encoding to prevent any further deserialization vulnerabilities from being present.
#CERTIFICATE
edX Cybersecurity Courses

Explore cybersecurity courses and certificates. Many organizations have been victims of cybersecurity breaches. Cybersecurity specialists play a critical role in protecting against these attacks. Learn how to become a cybersecurity specialist with online cybersecurity courses offered through edX.

https://www.edx.org/learn/cybersecurity
Certificate Search

Free CT Log Certificate Search Tool from Sectigo (formerly Comodo CA)

https://crt.sh/
Cybersecurity Guide

Find your cybersecurity degree or certification. This guide is intended to provide actionable resources for everyone looking to learn more about the field. Organizationally, the site is broken into several major sections including.

https://cybersecurityguide.org/
Sectigo Blog

Leading provider of SSL/TLS certificates, automated certificate management and website security solutions. Trusted by the world’s largest brands for 20+ years.

https://www.sectigo.com/resource-library/blog-posts